Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003487 advisory. The usbnetgenericcdcbind function in drivers/net/usb/cdcether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service divide-by-zero...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002698 advisory. The vhcihcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002043)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002043 advisory. Heap-based buffer overflow in the wdmincallback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cau...

CVE-2022-50927

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

UBUNTU-CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22859

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSBINTERFACEDESCRIPTOR values and uses them as indices in libusbudevcompletemsconfigsetup, causing an out‑of‑bounds read. This vulnerability is...

CVE-2026-22856

FreeRDP (CVE-2026-22856): A race in the serial channel IRP thread tracking can cause a heap-use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This issue is fixed in FreeRDP 3.20.1. The vulnerability affects pre-3.20.1 releases; no exploitation deta...

EUVD-2026-2671

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22856 FreeRDP has a heap-use-after-free in create_irp_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22856 FreeRDP has a heap-use-after-free in create_irp_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

CVE-2025-71108

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect numconnectors capability The UCSI spec states that the numconnectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it...

CVE-2025-71108

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect numconnectors capability The UCSI spec states that the numconnectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it...

SUSE CVE-2025-71094

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asixreadphyaddr. A malicious or faulty device can return an invalid address = PHYMAXADDR, which causes a warning in...